/*     */ package com.zimbra.cs.service.account;
/*     */ 
/*     */ import com.zimbra.common.account.Key.AccountBy;
/*     */ import com.zimbra.common.account.Key.DistributionListBy;
/*     */ import com.zimbra.common.account.Key.DomainBy;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.soap.AccountConstants;
/*     */ import com.zimbra.common.soap.Element;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AccountServiceException;
/*     */ import com.zimbra.cs.account.DistributionList;
/*     */ import com.zimbra.cs.account.Group;
/*     */ import com.zimbra.cs.account.NamedEntry;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.account.accesscontrol.ACLUtil;
/*     */ import com.zimbra.cs.account.accesscontrol.GranteeType;
/*     */ import com.zimbra.cs.account.accesscontrol.Right;
/*     */ import com.zimbra.cs.account.accesscontrol.RightManager;
/*     */ import com.zimbra.cs.account.accesscontrol.RightModifier;
/*     */ import com.zimbra.cs.account.accesscontrol.ZimbraACE;
/*     */ import com.zimbra.soap.ZimbraSoapContext;
/*     */ import java.util.HashSet;
/*     */ import java.util.List;
/*     */ import java.util.Map;
/*     */ import java.util.Set;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class GrantRights
/*     */   extends AccountDocumentHandler
/*     */ {
/*     */   public Element handle(Element request, Map<String, Object> context)
/*     */     throws ServiceException
/*     */   {
/*  48 */     ZimbraSoapContext zsc = getZimbraSoapContext(context);
/*  49 */     Account account = getRequestedAccount(zsc);
/*     */     
/*  51 */     if (!canAccessAccount(zsc, account)) {
/*  52 */       throw ServiceException.PERM_DENIED("can not access account");
/*     */     }
/*     */     
/*  55 */     Set<ZimbraACE> aces = new HashSet();
/*  56 */     for (Element eACE : request.listElements("ace")) {
/*  57 */       ZimbraACE ace = handleACE(eACE, zsc, true);
/*  58 */       aces.add(ace);
/*     */     }
/*     */     
/*  61 */     List<ZimbraACE> granted = ACLUtil.grantRight(Provisioning.getInstance(), account, aces);
/*  62 */     Element response = zsc.createElement(AccountConstants.GRANT_RIGHTS_RESPONSE);
/*  63 */     if (aces != null) {
/*  64 */       for (ZimbraACE ace : granted) {
/*  65 */         ToXML.encodeACE(response, ace);
/*     */       }
/*     */     }
/*     */     
/*  69 */     return response;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   static ZimbraACE handleACE(Element eACE, ZimbraSoapContext zsc, boolean granting)
/*     */     throws ServiceException
/*     */   {
/*  85 */     Right right = RightManager.getInstance().getUserRight(eACE.getAttribute("right"));
/*  86 */     GranteeType gtype = GranteeType.fromCode(eACE.getAttribute("gt"));
/*  87 */     String zid = eACE.getAttribute("zid", null);
/*  88 */     boolean deny = eACE.getAttributeBool("deny", false);
/*  89 */     boolean checkGranteeType = eACE.getAttributeBool("chkgt", false);
/*  90 */     String secret = null;
/*  91 */     NamedEntry nentry = null;
/*     */     
/*  93 */     if (gtype == GranteeType.GT_AUTHUSER) {
/*  94 */       zid = "00000000-0000-0000-0000-000000000000";
/*  95 */     } else if (gtype == GranteeType.GT_PUBLIC) {
/*  96 */       zid = "99999999-9999-9999-9999-999999999999";
/*  97 */     } else if (gtype == GranteeType.GT_GUEST) {
/*  98 */       zid = eACE.getAttribute("d");
/*  99 */       if ((zid == null) || (zid.indexOf('@') < 0)) {
/* 100 */         throw ServiceException.INVALID_REQUEST("invalid guest id or password", null);
/*     */       }
/*     */       try {
/* 103 */         nentry = lookupGranteeByName(zid, GranteeType.GT_USER, zsc);
/* 104 */         zid = nentry.getId();
/* 105 */         gtype = (nentry instanceof DistributionList) ? GranteeType.GT_GROUP : GranteeType.GT_USER;
/*     */       }
/*     */       catch (ServiceException e) {
/* 108 */         secret = eACE.getAttribute("pw");
/*     */       }
/* 110 */     } else if (gtype == GranteeType.GT_KEY) {
/* 111 */       zid = eACE.getAttribute("d");
/*     */       
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 120 */       secret = eACE.getAttribute("key", null);
/*     */     }
/* 122 */     else if (zid != null) {
/* 123 */       nentry = lookupGranteeByZimbraId(zid, gtype, granting);
/*     */     } else {
/* 125 */       nentry = lookupGranteeByName(eACE.getAttribute("d"), gtype, zsc);
/* 126 */       zid = nentry.getId();
/*     */       
/* 128 */       if ((gtype == GranteeType.GT_USER) && ((nentry instanceof Group))) {
/* 129 */         if (checkGranteeType) {
/* 130 */           throw AccountServiceException.INVALID_REQUEST(eACE.getAttribute("d") + " is not a valid grantee for grantee type '" + gtype.getCode() + "'.", null);
/*     */         }
/*     */         
/* 133 */         gtype = GranteeType.GT_GROUP;
/*     */       }
/*     */     }
/*     */     
/*     */ 
/* 138 */     RightModifier rightModifier = null;
/* 139 */     if (deny)
/* 140 */       rightModifier = RightModifier.RM_DENY;
/* 141 */     return new ZimbraACE(zid, gtype, right, rightModifier, secret);
/*     */   }
/*     */   
/*     */   private static NamedEntry lookupEmailAddress(String name) throws ServiceException
/*     */   {
/* 146 */     NamedEntry nentry = null;
/* 147 */     Provisioning prov = Provisioning.getInstance();
/* 148 */     nentry = prov.get(Key.AccountBy.name, name);
/*     */     
/* 150 */     if (nentry == null) {
/* 151 */       nentry = prov.getGroup(Key.DistributionListBy.name, name);
/*     */     }
/* 153 */     return nentry;
/*     */   }
/*     */   
/*     */   private static NamedEntry lookupGranteeByName(String name, GranteeType type, ZimbraSoapContext zsc)
/*     */     throws ServiceException
/*     */   {
/* 159 */     if ((type == GranteeType.GT_AUTHUSER) || (type == GranteeType.GT_PUBLIC) || (type == GranteeType.GT_GUEST) || (type == GranteeType.GT_KEY))
/*     */     {
/*     */ 
/*     */ 
/* 163 */       return null;
/*     */     }
/*     */     
/* 166 */     Provisioning prov = Provisioning.getInstance();
/*     */     
/* 168 */     if (((type == GranteeType.GT_USER) || (type == GranteeType.GT_GROUP)) && (name.indexOf('@') == -1)) {
/* 169 */       Account authacct = prov.get(Key.AccountBy.id, zsc.getAuthtokenAccountId(), zsc.getAuthToken());
/* 170 */       String authname = authacct == null ? null : authacct.getName();
/* 171 */       if (authacct != null) {
/* 172 */         name = name + authname.substring(authname.indexOf('@'));
/*     */       }
/*     */     }
/*     */     
/* 176 */     NamedEntry nentry = null;
/* 177 */     if (name != null) {
/* 178 */       switch (type) {
/*     */       case GT_USER: 
/* 180 */         nentry = lookupEmailAddress(name);
/* 181 */         break;
/*     */       case GT_GROUP: 
/* 183 */         nentry = prov.get(Key.DistributionListBy.name, name);
/* 184 */         break;
/*     */       case GT_DOMAIN: 
/* 186 */         nentry = prov.get(Key.DomainBy.name, name);
/*     */       }
/*     */       
/*     */     }
/* 190 */     if (nentry != null)
/* 191 */       return nentry;
/* 192 */     switch (type) {
/*     */     case GT_USER: 
/* 194 */       throw AccountServiceException.NO_SUCH_ACCOUNT(name);
/*     */     case GT_GROUP: 
/* 196 */       throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(name);
/*     */     case GT_DOMAIN: 
/* 198 */       throw AccountServiceException.NO_SUCH_DOMAIN(name);
/*     */     }
/* 200 */     throw ServiceException.FAILURE("LDAP entry not found for " + name + " : " + type, null);
/*     */   }
/*     */   
/*     */   private static NamedEntry lookupGranteeByZimbraId(String zid, GranteeType type, boolean granting)
/*     */     throws ServiceException
/*     */   {
/* 206 */     Provisioning prov = Provisioning.getInstance();
/* 207 */     NamedEntry nentry = null;
/*     */     try {
/* 209 */       switch (type) {
/*     */       case GT_USER: 
/* 211 */         nentry = prov.get(Key.AccountBy.id, zid);
/* 212 */         if ((nentry == null) && (granting)) {
/* 213 */           throw AccountServiceException.NO_SUCH_ACCOUNT(zid);
/*     */         }
/* 215 */         return nentry;
/*     */       
/*     */       case GT_GROUP: 
/* 218 */         nentry = prov.get(Key.DistributionListBy.id, zid);
/* 219 */         if ((nentry == null) && (granting)) {
/* 220 */           throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(zid);
/*     */         }
/* 222 */         return nentry;
/*     */       
/*     */       case GT_DOMAIN: 
/* 225 */         nentry = prov.get(Key.DomainBy.id, zid);
/* 226 */         if ((nentry == null) && (granting)) {
/* 227 */           throw AccountServiceException.NO_SUCH_DOMAIN(zid);
/*     */         }
/* 229 */         return nentry;
/*     */       }
/*     */       
/*     */       
/*     */ 
/*     */ 
/*     */ 
/* 236 */       return null;
/*     */     }
/*     */     catch (ServiceException e) {
/* 239 */       if (granting)
/* 240 */         throw e;
/*     */     }
/* 242 */     return null;
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/service/account/GrantRights.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */